Maintaining a computer network is essential to operation of modern corporations. One of the benefits of having a corporate network is the possibility of rapid exchange of information between company employees by means of personal computers (hereinafter, PCs) connected to the network. It should also be noted that the corporate network and its network infrastructure form a complex system and require professional administrative to minimize malfunctions of the network infrastructure and solve the most difficult problems. What is more, the corporate network may be vulnerable to harmful attacks, which, if successful, may infect all PCs in the network with malware. Such incidents reduce the performance of the users of the network until such time as the fault in the operation of the PC caused by the infection is corrected. This circumstance causes a loss of work time of the users of all PCs of the network. Furthermore, an unprotected state of a corporate network may also lead to a leakage of commercial secrets from the company or even financial resources. It is therefore very important to exercise control over the PCs in the network, and especially over the applications that are installed and that run on the PCs in the corporate network, making possible the utmost protection for the corporate network against harmful attacks and various leaks of confidential information to the outside world. For these purposes, an “application control” technology is has been created.
There are different approaches to controlling the starting of a software program (hereinafter, software or application) that are carried out by application control systems. Typically, the control is performed using a list of application control rules that control the access or the activation of an application or a group of applications. One of the common and simplified control methods is one in which control rules permit execution of any application that is not present on a list of forbidden (e.g., blacklist) applications that has been previously created by the administrator of the corporate network. Another approach is to form the control rules such that they only permit the execution of permitted applications, and forbid all others (this approach is known as “default deny”). Typically, present-day application control systems make it possible to perform both of these methods, depending on the tasks of the administrator.
Furthermore, for the convenience of control and administrative of the users in the network, the users can be combined into groups or assigned different roles that will characterize the user's authority, their ability to use any particular application on any particular PC in the network, or access to any confidential information. For example, the role of “engineer” presumes the need to use a CAD (computer-aided design) application, such as SolidWorks, in the work of the user, which application is not needed by a user with the role of “accountant” when carrying out their job responsibilities. Yet another feature of modern application control systems may be the use of categorization and inventory techniques to create and fine-tune the control rules depending on the needs of each user and the security policy of the company.
Accordingly, for a more flexible and diversified application control, every application may be assigned a category, and the user is assigned a corresponding role, which will then be used to generate the application control rules. The categorization can be done either by using previously created category templates (such as those established by the company or person developing the application control system), which contain information on different categories of applications, or by using categories generated by the administrator of the corporate network. The principle for generating the categories can be based on different criteria: the location of the application files being executed, the developer of the software, its purpose, and so on. Accordingly, a collection of categories may be formed, on the basis of which application control rules are created which also satisfy the security policy of the network. But with this approach, there is the risk of conflicts in the working of the existing application control rules and new application control rules. There is also the risk that an application control rule that is created will deliver the wrong verdicts. This is due to the fact that applications can end up either in one existing application category or in several at once, and consequently will trigger different application control rules. Furthermore, the administrator might not know which applications are forbidden or permitted to a particular network user. Hence, the rule might be generated or configured to forbid what is permitted to a user, or permit what is forbidden.
Therefore, there is a need to improve operation of modern application control systems by eliminating conflicts between new and existing application control rules.